[MDEV-21379] Valgrind Invalid read in tree_walk_left_root_right

Created: 2019-12-21
Updated: 2023-05-09
Resolved: 2023-05-09

Status: Closed
Project: MariaDB Server
Component/s: Server, Tests
Affects Version/s: 10.1
Fix Version/s: N/A

Type: Bug
Priority: Minor
Reporter: Elena Stepanova
Assignee: Oleksandr Byelkin
Resolution: Won't Fix
Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-20620 AddressSanitizer: use-after-poison in... Closed

 Description   

10.1 1f1e3ce8 valgrind

$ perl ./mtr --valgrind main.func_gconcat
 
main.func_gconcat                        [ fail ]  Found warnings/errors in server log file!
        Test ended at 2019-12-22 01:18:43
line
==29619== Thread 6:
==29619== Invalid read of size 8
==29619==    at 0x4C32640: memmove (vg_replace_strmem.c:1252)
==29619==    by 0xEFAEAB: tree_insert (tree.c:255)
==29619==    by 0x8F8F62: copy_to_tree (item_sum.cc:3327)
==29619==    by 0xEFBB5A: tree_walk_left_root_right (tree.c:551)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==  Address 0xdc490c8 is 0 bytes after a block of size 296 alloc'd
==29619==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==29619==    by 0xEE90BB: my_malloc (my_malloc.c:101)
==29619==    by 0xED9FC5: alloc_root (my_alloc.c:188)
==29619==    by 0xEFAE0D: tree_insert (tree.c:243)
==29619==    by 0x8F9531: Item_func_group_concat::add() (item_sum.cc:3416)
==29619==    by 0x8FAD3C: Aggregator_simple::add() (item_sum.h:672)
==29619==    by 0x668DAC: Item_sum::aggregator_add() (item_sum.h:521)
==29619==    by 0x668C97: Item_sum::reset_and_add() (item_sum.h:412)
==29619==    by 0x65F428: init_sum_functions(Item_sum**, Item_sum**) (sql_select.cc:23660)
==29619==    by 0x656247: end_send_group(JOIN*, st_join_table*, bool) (sql_select.cc:19927)
==29619==    by 0x65361B: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:18812)
==29619==    by 0x652F0F: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:18589)
==29619==    by 0x652764: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:18244)
==29619==    by 0x62C2DD: JOIN::exec_inner() (sql_select.cc:3277)
==29619==    by 0x6295AA: JOIN::exec() (sql_select.cc:2564)
==29619==    by 0x62CB02: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3501)
==29619== Invalid read of size 8
==29619==    at 0x4C3264E: memmove (vg_replace_strmem.c:1252)
==29619==    by 0xEFAEAB: tree_insert (tree.c:255)
==29619==    by 0x8F8F62: copy_to_tree (item_sum.cc:3327)
==29619==    by 0xEFBB5A: tree_walk_left_root_right (tree.c:551)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==  Address 0xe520330 is 0 bytes after a block of size 304 alloc'd
==29619==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==29619==    by 0xEE90BB: my_malloc (my_malloc.c:101)
==29619==    by 0xED9FC5: alloc_root (my_alloc.c:188)
==29619==    by 0xEFAE0D: tree_insert (tree.c:243)
==29619==    by 0x8F8F62: copy_to_tree (item_sum.cc:3327)
==29619==    by 0xEFBB5A: tree_walk_left_root_right (tree.c:551)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)
==29619==    by 0xEFBB0B: tree_walk_left_root_right (tree.c:550)

Not reproducible on 10.2.



 Comments   
Comment by Elena Stepanova [ 2023-05-09 ]

10.1 is long EOL, and as the description says, it wasn't reproducible on 10.2+.
